1. CVE-Search
  2. CVE-2020-8116
ID CVE-2020-8116
Summary Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
References
Vulnerable Configurations
  • cpe:2.3:a:dot-prop_project:dot-prop:5.0.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:5.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:5.0.1:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:5.0.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:5.1.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:5.1.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:1.0.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:1.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:1.0.1:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:1.0.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:2.0.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:2.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:2.1.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:2.1.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:2.2.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:2.2.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:2.3.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:2.3.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:2.4.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:2.4.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:3.0.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:3.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:4.0.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:4.0.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:4.1.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:4.1.0:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:4.1.1:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:4.1.1:*:*:*:*:node.js:*:*
  • cpe:2.3:a:dot-prop_project:dot-prop:4.2.0:*:*:*:*:node.js:*:*
    cpe:2.3:a:dot-prop_project:dot-prop:4.2.0:*:*:*:*:node.js:*:*
CVSS
Base: 7.5 (as of 05-08-2022 - 19:32)
Impact:
Exploitability:
CWE CWE-1321
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
redhat via4
rpms
  • nodejs-1:12.18.4-2.module+el8.2.0+8361+192e434e
  • nodejs-debuginfo-1:12.18.4-2.module+el8.2.0+8361+192e434e
  • nodejs-debugsource-1:12.18.4-2.module+el8.2.0+8361+192e434e
  • nodejs-devel-1:12.18.4-2.module+el8.2.0+8361+192e434e
  • nodejs-docs-1:12.18.4-2.module+el8.2.0+8361+192e434e
  • nodejs-full-i18n-1:12.18.4-2.module+el8.2.0+8361+192e434e
  • nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45
  • nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45
  • npm-1:6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e
  • nodejs-1:12.18.4-2.module+el8.1.0+8360+14141500
  • nodejs-debuginfo-1:12.18.4-2.module+el8.1.0+8360+14141500
  • nodejs-debugsource-1:12.18.4-2.module+el8.1.0+8360+14141500
  • nodejs-devel-1:12.18.4-2.module+el8.1.0+8360+14141500
  • nodejs-docs-1:12.18.4-2.module+el8.1.0+8360+14141500
  • nodejs-full-i18n-1:12.18.4-2.module+el8.1.0+8360+14141500
  • nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45
  • nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45
  • npm-1:6.14.6-1.12.18.4.2.module+el8.1.0+8360+14141500
  • rh-nodejs12-nodejs-0:12.18.4-3.el7
  • rh-nodejs12-nodejs-debuginfo-0:12.18.4-3.el7
  • rh-nodejs12-nodejs-devel-0:12.18.4-3.el7
  • rh-nodejs12-nodejs-docs-0:12.18.4-3.el7
  • rh-nodejs12-npm-0:6.14.6-12.18.4.3.el7
refmap via4
misc
Last major update 05-08-2022 - 19:32
Published 04-02-2020 - 20:15
Last modified 05-08-2022 - 19:32
Back to Top